Caldera Security Advisory - Volution Manager: Directory Administrator password in cleartext
______________________________________________________________________________ 


                Caldera International, Inc. Security Advisory 


Subject: Volution Manager: Directory Administrator password in cleartext 
Advisory number: CSSA-2002-024.0 
Issue date: 2002 June 3 
Cross reference: 
______________________________________________________________________________ 



1. Problem Description 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 


        This vulnerability will be corrected in the next release of 
        Volution Manager. 



2. Vulnerable Supported Versions 



        System Package 
        ---------------------------------------------------------------------- 
        Volution Manager 1.1 Standard 



3. Solution 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 
        The password line looks similar to this: 


                rootpw <clear_text_password> 


        Caldera strongly recommends that you encrypt this password, 
        using the following steps: 


        As the root user, run slappasswd, entering your desired 
        password at the prompts (the example uses newpasswd as the new 
        password; the password will not be seen as you type it). 


        # slappasswd 
        New password: newpasswd 
        Re-enter new password: newpasswd 
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
        # 


        The output is the new, encrypted password. In the file 
        /etc/ldap/slapd.conf, replace the previous rootpw line with a 
        line containing the new, encrypted password so that the line 
        looks similar to this: 


                rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
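
        A check for the condition described above, added here as an
        example and not part of Caldera's advisory: it scans a
        slapd.conf-style file and reports each rootpw line as cleartext
        or hashed, without printing the secret. The function names and
        the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag rootpw directives in a
# slapd.conf-style file whose value is not a {SCHEME}-prefixed hash.

# audit_rootpw FILE
# Prints one line per rootpw directive: "<line>:cleartext" or
# "<line>:hashed:{SCHEME}". The secret itself is never printed.
audit_rootpw() {
    awk '
        # A directive starts in column 1; indented lines are continuations.
        tolower($1) == "rootpw" && index($0, $1) == 1 {
            val = $2
            gsub(/^"|"$/, "", val)            # drop optional double quotes
            if (match(val, /^[{][A-Za-z0-9-]+[}]/)) {
                scheme = toupper(substr(val, 1, RLENGTH))
                # {CLEARTEXT} is a scheme tag, but the value is still plain.
                if (scheme == "{CLEARTEXT}") print NR ":cleartext"
                else print NR ":hashed:" scheme
            } else {
                print NR ":cleartext"
            }
        }
    ' "$1"
}

# has_cleartext_rootpw FILE: exit status 0 if any rootpw is cleartext.
has_cleartext_rootpw() {
    audit_rootpw "$1" | grep -q ':cleartext$'
}

# Constructed sample input; the hash is the example value from the advisory.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed slapd.conf fragment
database ldbm
rootdn "cn=admin,o=example"
rootpw secret-in-the-clear
database ldbm
rootdn "cn=admin,o=example2"
RootPW "{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz"
#rootpw commented-out
EOF

audit_rootpw "$sample"
if has_cleartext_rootpw "$sample"; then
    echo "cleartext rootpw found: hash it with slappasswd"
fi
rm -f "$sample"
```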



4. References 


        Specific references for this advisory: 
                none 


        Caldera OpenLinux security resources: 
                http://www.caldera.com/support/security/index.html 


        Caldera UNIX security resources: 
                http://stage.caldera.com/support/security/ 


        This security advisory closes Caldera incidents sr864231, 
        erg501574. 




5. Disclaimer 


        Caldera International, Inc. is not responsible for the misuse 
        of any of the information we provide on this website and/or 
        through our security advisories. Our advisories are a service 
        to our customers intended to promote secure installation and 
        use of Caldera products. 


______________________________________________________________________________ 


